Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1138

7 documents, 7 sources
Severity
5.0 MEDIUM
EPSS
5.2%
top 10.04%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Oct 27
Latest update: Apr 29

Description

The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 1 package

NVD: redhat/interchange 2.0.40_21.5

🔴Vulnerability Details

2
GHSA
GHSA-rpv4-252f-9j5c: The default configuration of Apache 2 (2022-04-29)
CVEList
CVE-2003-1138: The default configuration of Apache 2 (2005-05-10)

💥Exploits & PoCs

1
Exploit-DB
RedHat Apache 2.0.40 - Directory Index Default Configuration Error (2003-10-27)

📋Vendor Advisories

2
Debian
CVE-2003-1138: apache2 - The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, a... (2003)
Red Hat
CVE-2003-1138: The default configuration of Apache 2

💬Community

1
Bugzilla
Spacewalk: CVE-2003-1138 (2008-07-23)